Platform: python
Component: chia-blockchain
Fixed in: 2.1.1
A cross-site request forgery (CSRF) vulnerability has been identified in Chia Blockchain version 2.1.0. The flaw affects an unknown function behind the /send_transaction endpoint and allows a remote attacker to make an authenticated user's browser trigger actions the user did not intend. Exploitation is rated difficult and of high complexity, but the vulnerability is now public. Users are advised to apply robust host security measures.
The primary impact of this CSRF vulnerability is the potential for unauthorized transactions. CSRF does not require the Chia interface itself to be compromised: if a user holds an authenticated session with the node and is lured into loading attacker-controlled web content, that content can make the user's browser submit a crafted request to /send_transaction, which may result in a transfer of funds or other unintended actions. The high complexity rating suggests that exploitation would need social engineering or a longer attack chain to get a user into that position. The "by design" rejection from the bug bounty program reflects the vendor's position that host security is the user's responsibility, which puts the weight on user awareness and secure configuration.
The vulnerability is publicly disclosed and a proof-of-concept may be available. The vendor was notified early, but the bug bounty report was rejected as "by design", placing responsibility for host security on the user. The CVE was published on 2026-02-25. The CVSS severity is Low, reflecting the difficulty of exploitation.
Users of Chia Blockchain 2.1.0 who do not implement robust host security measures are at risk. This includes individuals running Chia Blockchain nodes on shared hosting environments or those who are not vigilant about phishing attacks and other social engineering tactics. Users relying on default configurations without additional security layers are particularly vulnerable.
• python / chia blockchain: Monitor Chia Blockchain logs for unusual transaction patterns or requests originating from unexpected sources.

# Example: check for suspicious requests in the transaction log
import re

# Placeholder path and pattern: adapt both to your node's actual log location
# and to the marker you treat as suspicious (e.g. a foreign Origin/Referer).
LOG_PATH = '/path/to/chia/blockchain/transaction.log'
SUSPICIOUS = re.compile(r'unexpected_source')

with open(LOG_PATH, 'r') as f:
    for line in f:
        if SUSPICIOUS.search(line):
            print(f'Potential CSRF attack detected: {line.rstrip()}')

• generic web: Inspect HTTP requests to /send_transaction for unexpected Origin or Referer headers.
• generic web: Review access logs for requests containing suspicious parameters or payloads.
disclosure
poc
Exploit status
EPSS: 0.02% (6th percentile)
CISA SSVC
CVSS vector
The header above lists 2.1.1 as the fixed version, so upgrading is the first step where that release is available. Where it is not, mitigation rests on host security: do not expose the node's RPC interface beyond the local host or a firewalled network, keep configurations reviewed and current, and educate users about phishing and other social engineering. Against the CSRF itself, the controls that actually work are a check of the Origin (or, failing that, Referer) header against an allow list, a per-session anti-CSRF token, SameSite=Strict on any session cookie, and rejecting request bodies that are not application/json so that a plain HTML form cannot reach /send_transaction. Input validation and output encoding are good practice but address injection, not CSRF, and a Content Security Policy limits where scripts are loaded from but does not stop a cross-site form submission, so neither should be relied on for this issue. Rate limiting on /send_transaction bounds the damage of a forged request but does not prevent it.
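The Origin/Referer and content-type checks just described, and the monitoring bullets above that ask for /send_transaction requests with unexpected origins to be flagged, share one piece of logic. The following is an added example and not chia-blockchain code: a small CSRF guard for a state-changing JSON endpoint, with the same function reused to audit a batch of constructed sample requests. The allowed origin https://wallet.example, the X-Requested-With header, the /status path and the sample traffic are all assumptions made for the illustration.

```python
# Added example for this advisory (not chia-blockchain code): a CSRF guard for a
# state-changing JSON endpoint such as /send_transaction, plus an audit pass over
# constructed sample requests of the kind a reverse proxy or access log would show.
# ASSUMPTIONS: the legitimate UI is served from https://wallet.example and sends
# JSON plus an X-Requested-With header; neither is taken from the Chia project.
from __future__ import annotations

from dataclasses import dataclass, field
from urllib.parse import urlsplit

ALLOWED_ORIGINS = {"https://wallet.example"}   # assumption: where the wallet UI lives
REQUIRED_HEADER = "x-requested-with"           # non-simple header: forces a CORS preflight
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}
PROTECTED_PATHS = {"/send_transaction"}


@dataclass
class Request:
    """Minimal view of an inbound HTTP request; header names are lower-cased."""
    method: str
    path: str
    headers: dict = field(default_factory=dict)

    def header(self, name: str) -> str | None:
        return self.headers.get(name.lower())


def origin_of(url: str) -> str | None:
    """Reduce an absolute URL (e.g. a Referer) to its scheme://host[:port] origin."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def csrf_check(req: Request) -> tuple[bool, str]:
    """Decide whether a request may reach a protected endpoint.

    Returns (allowed, reason). The checks are independent layers: any one of
    them alone already blocks a plain cross-site <form> or a no-cors fetch().
    """
    if req.path not in PROTECTED_PATHS:
        return True, "not a protected endpoint"

    # 0. State changes must never be reachable via GET (the <img src> CSRF vector).
    if req.method.upper() not in STATE_CHANGING:
        return False, f"protected endpoint called with {req.method.upper()}"

    # 1. Origin (or, failing that, Referer) must be present and allow-listed.
    #    Browsers send "Origin: null" from sandboxed or redirected contexts; that
    #    value is simply absent from the allow list and is rejected with the rest.
    origin = req.header("origin") or origin_of(req.header("referer") or "")
    if origin is None:
        return False, "no Origin or Referer header"
    if origin.lower() not in ALLOWED_ORIGINS:
        return False, f"origin {origin} not in allow list"

    # 2. Only application/json is accepted. An HTML form can only produce
    #    application/x-www-form-urlencoded, multipart/form-data or text/plain,
    #    so a cross-site form post cannot satisfy this check.
    media_type = (req.header("content-type") or "").split(";", 1)[0].strip().lower()
    if media_type != "application/json":
        return False, f"unexpected content-type {media_type or '<none>'}"

    # 3. A custom request header. Browsers will not attach it cross-origin without
    #    a CORS preflight, which a non-permissive server never approves.
    if req.header(REQUIRED_HEADER) is None:
        return False, f"missing {REQUIRED_HEADER} header"

    return True, "ok"


def audit(requests: list[Request]) -> list[tuple[str, str, bool, str]]:
    """Run csrf_check over a batch: the detection-side use of the same logic."""
    return [(r.method, r.path, *csrf_check(r)) for r in requests]


# Constructed sample traffic (not captured from a real node).
SAMPLE_REQUESTS = [
    # legitimate call from the wallet UI
    Request("POST", "/send_transaction", {
        "origin": "https://wallet.example",
        "content-type": "application/json",
        "x-requested-with": "wallet-ui"}),
    # cross-site HTML form auto-submitted from an attacker-controlled page
    Request("POST", "/send_transaction", {
        "origin": "https://attacker.example",
        "content-type": "application/x-www-form-urlencoded"}),
    # Origin stripped, Referer from the allowed origin, but a form-style body
    Request("POST", "/send_transaction", {
        "referer": "https://wallet.example/some/page",
        "content-type": "text/plain"}),
    # GET against the protected endpoint, e.g. via <img src=...>
    Request("GET", "/send_transaction", {}),
    # hypothetical read-only path: not protected by the guard
    Request("GET", "/status", {}),
]

if __name__ == "__main__":
    for method, path, allowed, reason in audit(SAMPLE_REQUESTS):
        print(f"{'ALLOW' if allowed else 'BLOCK':5} {method} {path}: {reason}")
```

In a deployment the guard sits in front of the RPC handler (reverse proxy or middleware) and the audit function is pointed at parsed access-log entries, so one allow list and one set of rules serve both prevention and detection.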
Update to a version later than 2.1.0 (the header above lists 2.1.1 as the fixed version), if available, or implement additional security measures to mitigate the risk of CSRF attacks. Since the vendor considers this behaviour 'by design', there may be no official fix. Consider disabling the affected functionality or implementing stricter access controls.
CVE-2026-3193 is a cross-site request forgery (CSRF) vulnerability affecting the /send_transaction function in Chia Blockchain 2.1.0, allowing remote attackers to potentially trigger unauthorized transactions.
If you are running Chia Blockchain version 2.1.0 and have not implemented robust host security measures, you are potentially affected by this vulnerability.
The header above lists 2.1.1 as the fixed version, but the vendor's own stance is that the behaviour is by design, so treat host security as the primary control regardless. Relevant mitigations are an Origin/Referer allow list, anti-CSRF tokens, SameSite cookies, restricting the RPC interface to trusted hosts, and user education; input validation and CSP headers do not by themselves stop CSRF.
While exploitation is considered difficult, the vulnerability is publicly disclosed and a proof-of-concept may be available, so active exploitation is possible.
Refer to the Chia Blockchain project's official website and security advisories for updates and further information regarding CVE-2026-3193.